A developer is reviewing the following transaction logs from a web application:
Username: John Doe
Street name: Main St.
Street number: <script>alert('test')</alert>
Which of the following code snippets should the developer implement given the above transaction logs?
A. if ($input != strcmp($var1, "<>")) {die();}
B. <form name ="form1" action="/submit.php" onsubmit="return validate()" action=POST>
C. $input=strip_tags(trim($_POST['var1']));
D. <html><form name="myform" action="www.server.com/php/submit.php action=GET"
C
Agreed.
It is important to notice that this function (strip_tags), in real life, is not the most adequate to prevent XSS attacks, as seen in the PHP manual: “Warning: This function should not be used to try to prevent XSS attacks. Use more appropriate functions like htmlspecialchars() or other means depending on the context of the output.”
Source: https://www.php.net/manual/en/function.strip-tags.php
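The difference the manual's warning points at, shown as an added example that is not part of the original question or comment: option C's strip_tags() call is compared with htmlspecialchars() when the value is written into a quoted HTML attribute. The function names, the sample values other than the logged street number, and the accepted street-number format are assumptions made for illustration.

```php
<?php
// Added example, not from the original page. Sample values are constructed,
// except the street number taken from the logged transaction.

// Option C as given in the question.
function sanitize_option_c(string $raw): string
{
    return strip_tags(trim($raw));
}

// Output encoding for HTML body and quoted-attribute contexts.
function encode_for_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation; the accepted format (digits plus an optional letter)
// is an assumption about what a street number looks like.
function is_valid_street_number(string $raw): bool
{
    return preg_match('/\A[0-9]{1,6}[A-Za-z]?\z/', trim($raw)) === 1;
}

$samples = [
    'logged value'   => "<script>alert('test')</alert>",
    'quote, no tags' => '12" data-injected="1',   // nothing here for strip_tags() to remove
    'free text'      => 'Unit 4 <rear entrance>', // legitimate text that looks like a tag
    'expected input' => '221B',
];

foreach ($samples as $label => $raw) {
    printf("%s\n", $label);
    printf("  valid street number: %s\n", is_valid_street_number($raw) ? 'yes' : 'no');
    // Each result is placed in a quoted attribute, the context where the two differ most.
    printf("  strip_tags:       <input value=\"%s\">\n", sanitize_option_c($raw));
    printf("  htmlspecialchars: <input value=\"%s\">\n", encode_for_html($raw));
}
```

Rejecting the value at input with the allow-list and encoding it at output are complementary; encoding alone still has to match the context the value is written into.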